Vulnerability Name:

CVE-2008-2703 (CCN-42917)

Assigned:2008-06-03
Published:2008-06-03
Updated:2018-10-11
Summary:Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-2703

Source: CCN
Type: SA30576
Novell GroupWise Messenger Client Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30576

Source: CCN
Type: SECTRACK ID: 1020209
Novell GroupWise Messenger Stack Overflows Let Remote Users Execute Arbitrary Code

Source: CCN
Type: Novell Technical Information Document ID: 5026700
GroupWise Messenger 2.0.3 Hot Patch 1 Client for Windows - US and Multi

Source: CONFIRM
Type: Patch
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html

Source: CCN
Type: OSVDB ID: 46041
Novell GroupWise Messenger Client (GWIM) NM_A_SZ_TRANSACTION_ID String Server Response Overflow

Source: BUGTRAQ
Type: UNKNOWN
20080704 Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow

Source: BID
Type: UNKNOWN
29602

Source: CCN
Type: BID-29602
Novell GroupWise Messenger Client Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020209

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1764

Source: XF
Type: UNKNOWN
groupwise-messenger-client-bo(42917)

Source: XF
Type: UNKNOWN
groupwise-messenger-client-bo(42917)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [07-02-2008]
TRY NOW HomeVulnerability & Exploit DatabaseModules Rapid7 Vulnerability & Exploit Database Novell GroupWise Messenger Client Buffer Overflow Back to Search Novell GroupWise Messenger Client Buffer Overflow

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:groupwise_messenger:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise_messenger:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise_messenger:2.0.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:novell:groupwise_messenger:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise_messenger:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise_messenger:2.0.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    novell groupwise messenger 2.0
    novell groupwise messenger 2.0.2
    novell groupwise messenger 2.0.3
    novell groupwise messenger 2.0
    novell groupwise messenger 2.0.2
    novell groupwise messenger 2.0.3